
cert-manager acme-dns, testing, skip verify tls?

Open bitsofinfo opened this issue 2 years ago • 2 comments

Hi, not sure where to ask this, but I am testing the latest acme-dns w/ tls = "letsencryptstaging"; on startup it appears to get the certificate fine and presents it OK on 443.

My question is: I'm trying to test this setup using the acme-dns solver w/ cert-manager. How can I configure the acme-dns solver to accept the self-signed certificate that acme-dns got from letsencryptstaging on boot?

bitsofinfo avatar Apr 26 '22 15:04 bitsofinfo

I'm getting this kind of error in cert-manager

I0426 15:33:09.736447       1 dns.go:355] cert-manager/challenges/Present/solverForChallenge "msg"="preparing to create ACMEDNS provider" "dnsName"="myapp.int.mytest99.net" "domain"="myapp.int.mytest99.net" "resource_kind"="Challenge" "resource_name"="myapp-int-ha901-net-cert-9xvcv-56847766-2596481006" "resource_namespace"="edg-apps" "resource_version"="v1" "type"="DNS-01" 
I0426 15:33:09.736537       1 dns.go:102] cert-manager/challenges/Present "msg"="presenting DNS01 challenge for domain" "dnsName"="myapp.int.mytest99.net" "domain"="myapp.int.mytest99.net" "resource_kind"="Challenge" "resource_name"="myapp-int-ha901-net-cert-9xvcv-56847766-2596481006" "resource_namespace"="edg-apps" "resource_version"="v1" "type"="DNS-01" 
E0426 15:33:09.736593       1 controller.go:166] cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="account credentials not found for domain myapp.int.mytest99.net" "key"="edg-apps/myapp-int-ha901-net-cert-9xvcv-56847766-2596481006" 
I0426 15:33:09.736720       1 logs.go:177] cert-manager/controller "msg"="Event(v1.ObjectReference{Kind:\"Challenge\", Namespace:\"edg-apps\", Name:\"myapp-int-ha901-net-cert-9xvcv-56847766-2596481006\", UID:\"XXXXXXX-93bc-4375-9a88-XXXXXX\", APIVersion:\"acme.cert-manager.io/v1\", ResourceVersion:\"22318508\", FieldPath:\"\"}): type: 'Warning' reason: 'PresentError' Error presenting challenge: account credentials not found for domain myapp.int.mytest99.net"  

and nothing in the acme-dns server logs

bitsofinfo avatar Apr 26 '22 15:04 bitsofinfo

> My question is: I'm trying to test this setup using the acme-dns solver w/ cert-manager. How can I configure the acme-dns solver to accept the self-signed certificate that acme-dns got from letsencryptstaging on boot?

Since you have checked that a given configuration can obtain the cert from Let's Encrypt Staging, why not simply switch to production? The cert will then be valid and accepted directly by cert-manager.

gbonnefille avatar Apr 27 '22 06:04 gbonnefille